CVE-2005-1744

Published: May 24, 2005Modified: Apr 16, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

Affected (1)

Products: Bea: Weblogic Server

1 product

Weblogic Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bea Weblogic Server	Up to 7.0

Related CWEs

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (10)

http://dev2dev.bea.com/pub/advisory/127

Source: cve@mitre.org

Product

http://secunia.com/advisories/15486

Source: cve@mitre.org

Broken LinkVendor Advisory

http://securitytracker.com/id?1014049

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/13717

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2005/0604

Source: cve@mitre.org

Broken Link

http://dev2dev.bea.com/pub/advisory/127

Source: af854a3a-2127-422b-91ae-364da2661108

Product

http://secunia.com/advisories/15486

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://securitytracker.com/id?1014049

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/13717

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2005/0604

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.